Memory addresses












-3














I am workin on Overthewire narnia2(ctf game).
Currently I am learning how to use the gdb and I have a simple question.



    (gdb) x/200x $esp-0xac
0xffffd5a4: 0x08048534 0xffffd5c8 0xf7e5b7d0 0xffffd5c8
0xffffd5b4: 0xf7ffd920 0xf7e5b7d5 0x08048494 0x08048534
0xffffd5c4: 0xffffd5c8 0x6850c031 0x68732f2f 0x69622f68
0xffffd5d4: 0x50e3896e 0x89e18953 0xcd0bb0c2 0x41414180
0xffffd5e4: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd5f4: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd604: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd614: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd624: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd634: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd644: 0x41414141 0x62626262 0xf7e2a200 0x00000002
0xffffd654: 0xffffd6e4 0xffffd6f0 0x00000000 0x00000000
0xffffd664: 0x00000000 0xf7fc5000 0xf7ffdc0c 0xf7ffd000
0xffffd674: 0x00000000 0x00000002 0xf7fc5000 0x00000000
0xffffd684: 0x59e07c0a 0x6308501a 0x00000000 0x00000000



(gdb) x/200x $esp

0xffffd7a0: 0x000036b2 0x0000000e 0x000036b2 0x00000017
0xffffd7b0: 0x00000001 0x00000019 0xffffd7eb 0x0000001a
0xffffd7c0: 0x00000000 0x0000001f 0xffffdfe8 0x0000000f
0xffffd7d0: 0xffffd7fb 0x00000000 0x00000000 0x00000000
0xffffd7e0: 0x00000000 0x00000000 0x8b000000 0xb1cfbc04
0xffffd7f0: 0x91563e77 0xcb1ff506 0x6957e20c 0x00363836
0xffffd800: 0x00000000 0x00000000 0x00000000 0x72616e2f
0xffffd810: 0x2f61696e 0x6e72616e 0x00326169 0x41414141
0xffffd820: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd830: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd840: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd850: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd860: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd870: 0x41414141 0x41414141 0x41414141 0x41414141
0xffffd880: 0x41414141 0x31414141 0x2f6850c0 0x6868732f
0xffffd890: 0x6e69622f 0x5350e389 0xc289e189 0x80cd0bb0


what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
what is the most used and why?










share|improve this question





























    -3














    I am workin on Overthewire narnia2(ctf game).
    Currently I am learning how to use the gdb and I have a simple question.



        (gdb) x/200x $esp-0xac
    0xffffd5a4: 0x08048534 0xffffd5c8 0xf7e5b7d0 0xffffd5c8
    0xffffd5b4: 0xf7ffd920 0xf7e5b7d5 0x08048494 0x08048534
    0xffffd5c4: 0xffffd5c8 0x6850c031 0x68732f2f 0x69622f68
    0xffffd5d4: 0x50e3896e 0x89e18953 0xcd0bb0c2 0x41414180
    0xffffd5e4: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd5f4: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd604: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd614: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd624: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd634: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd644: 0x41414141 0x62626262 0xf7e2a200 0x00000002
    0xffffd654: 0xffffd6e4 0xffffd6f0 0x00000000 0x00000000
    0xffffd664: 0x00000000 0xf7fc5000 0xf7ffdc0c 0xf7ffd000
    0xffffd674: 0x00000000 0x00000002 0xf7fc5000 0x00000000
    0xffffd684: 0x59e07c0a 0x6308501a 0x00000000 0x00000000



    (gdb) x/200x $esp

    0xffffd7a0: 0x000036b2 0x0000000e 0x000036b2 0x00000017
    0xffffd7b0: 0x00000001 0x00000019 0xffffd7eb 0x0000001a
    0xffffd7c0: 0x00000000 0x0000001f 0xffffdfe8 0x0000000f
    0xffffd7d0: 0xffffd7fb 0x00000000 0x00000000 0x00000000
    0xffffd7e0: 0x00000000 0x00000000 0x8b000000 0xb1cfbc04
    0xffffd7f0: 0x91563e77 0xcb1ff506 0x6957e20c 0x00363836
    0xffffd800: 0x00000000 0x00000000 0x00000000 0x72616e2f
    0xffffd810: 0x2f61696e 0x6e72616e 0x00326169 0x41414141
    0xffffd820: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd830: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd840: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd850: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd860: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd870: 0x41414141 0x41414141 0x41414141 0x41414141
    0xffffd880: 0x41414141 0x31414141 0x2f6850c0 0x6868732f
    0xffffd890: 0x6e69622f 0x5350e389 0xc289e189 0x80cd0bb0


    what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
    what is the most used and why?










    share|improve this question



























      -3












      -3








      -3







      I am workin on Overthewire narnia2(ctf game).
      Currently I am learning how to use the gdb and I have a simple question.



          (gdb) x/200x $esp-0xac
      0xffffd5a4: 0x08048534 0xffffd5c8 0xf7e5b7d0 0xffffd5c8
      0xffffd5b4: 0xf7ffd920 0xf7e5b7d5 0x08048494 0x08048534
      0xffffd5c4: 0xffffd5c8 0x6850c031 0x68732f2f 0x69622f68
      0xffffd5d4: 0x50e3896e 0x89e18953 0xcd0bb0c2 0x41414180
      0xffffd5e4: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd5f4: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd604: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd614: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd624: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd634: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd644: 0x41414141 0x62626262 0xf7e2a200 0x00000002
      0xffffd654: 0xffffd6e4 0xffffd6f0 0x00000000 0x00000000
      0xffffd664: 0x00000000 0xf7fc5000 0xf7ffdc0c 0xf7ffd000
      0xffffd674: 0x00000000 0x00000002 0xf7fc5000 0x00000000
      0xffffd684: 0x59e07c0a 0x6308501a 0x00000000 0x00000000



      (gdb) x/200x $esp

      0xffffd7a0: 0x000036b2 0x0000000e 0x000036b2 0x00000017
      0xffffd7b0: 0x00000001 0x00000019 0xffffd7eb 0x0000001a
      0xffffd7c0: 0x00000000 0x0000001f 0xffffdfe8 0x0000000f
      0xffffd7d0: 0xffffd7fb 0x00000000 0x00000000 0x00000000
      0xffffd7e0: 0x00000000 0x00000000 0x8b000000 0xb1cfbc04
      0xffffd7f0: 0x91563e77 0xcb1ff506 0x6957e20c 0x00363836
      0xffffd800: 0x00000000 0x00000000 0x00000000 0x72616e2f
      0xffffd810: 0x2f61696e 0x6e72616e 0x00326169 0x41414141
      0xffffd820: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd830: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd840: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd850: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd860: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd870: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd880: 0x41414141 0x31414141 0x2f6850c0 0x6868732f
      0xffffd890: 0x6e69622f 0x5350e389 0xc289e189 0x80cd0bb0


      what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
      what is the most used and why?










      share|improve this question















      I am workin on Overthewire narnia2(ctf game).
      Currently I am learning how to use the gdb and I have a simple question.



          (gdb) x/200x $esp-0xac
      0xffffd5a4: 0x08048534 0xffffd5c8 0xf7e5b7d0 0xffffd5c8
      0xffffd5b4: 0xf7ffd920 0xf7e5b7d5 0x08048494 0x08048534
      0xffffd5c4: 0xffffd5c8 0x6850c031 0x68732f2f 0x69622f68
      0xffffd5d4: 0x50e3896e 0x89e18953 0xcd0bb0c2 0x41414180
      0xffffd5e4: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd5f4: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd604: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd614: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd624: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd634: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd644: 0x41414141 0x62626262 0xf7e2a200 0x00000002
      0xffffd654: 0xffffd6e4 0xffffd6f0 0x00000000 0x00000000
      0xffffd664: 0x00000000 0xf7fc5000 0xf7ffdc0c 0xf7ffd000
      0xffffd674: 0x00000000 0x00000002 0xf7fc5000 0x00000000
      0xffffd684: 0x59e07c0a 0x6308501a 0x00000000 0x00000000



      (gdb) x/200x $esp

      0xffffd7a0: 0x000036b2 0x0000000e 0x000036b2 0x00000017
      0xffffd7b0: 0x00000001 0x00000019 0xffffd7eb 0x0000001a
      0xffffd7c0: 0x00000000 0x0000001f 0xffffdfe8 0x0000000f
      0xffffd7d0: 0xffffd7fb 0x00000000 0x00000000 0x00000000
      0xffffd7e0: 0x00000000 0x00000000 0x8b000000 0xb1cfbc04
      0xffffd7f0: 0x91563e77 0xcb1ff506 0x6957e20c 0x00363836
      0xffffd800: 0x00000000 0x00000000 0x00000000 0x72616e2f
      0xffffd810: 0x2f61696e 0x6e72616e 0x00326169 0x41414141
      0xffffd820: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd830: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd840: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd850: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd860: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd870: 0x41414141 0x41414141 0x41414141 0x41414141
      0xffffd880: 0x41414141 0x31414141 0x2f6850c0 0x6868732f
      0xffffd890: 0x6e69622f 0x5350e389 0xc289e189 0x80cd0bb0


      what am I looking at when I do $esp-0xac? I've also seen other methods like $esp-0x14, but why not do plain $esp?
      what is the most used and why?







      c debugging gdb buffer-overflow






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 15 at 7:52









      Cœur

      17.4k9102143




      17.4k9102143










      asked Nov 23 at 0:26









      Joel alexis

      134




      134
























          1 Answer
          1






          active

          oldest

          votes


















          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53439365%2fmemory-addresses%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45
















          1















          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer





















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45














          1












          1








          1







          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.






          share|improve this answer













          what am i looking at when i do $esp-0xac?




          The $esp register points to the boundary (in memory) between used and unused portion of the stack. On i*86 processors, stack grows to lower addresses, so anything above (at higher addresses) $esp contains used portion of the stack (local variables, return addresses, saved registers, etc.) and anything below (at lower addresses) contains currently unused portion of the stack.



          The command x/200x $esp-0xac then examines contents of 43 32-bit words of currently used stack, and 157 words of unused portion of the stack.




          ive also seen other methods like $esp-0x14, but why not do plain $esp?




          The $esp-0x14 would let you look at the last 5 used words of the stack. Using $esp would let you look at the unused portion of the stack. You could do that, but it's somewhat pointless.




          what is the most used and why?




          Examining stack is useful when you want to where some specific value is stored (e.g. during exploit / stack buffer overflow analysis), or when you are debugging at the machine instruction level.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 23 at 5:11









          Employed Russian

          123k19164233




          123k19164233












          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45


















          • Very helpful. Thank you very much for giving me this clarity.
            – Joel alexis
            Nov 24 at 21:45
















          Very helpful. Thank you very much for giving me this clarity.
          – Joel alexis
          Nov 24 at 21:45




          Very helpful. Thank you very much for giving me this clarity.
          – Joel alexis
          Nov 24 at 21:45


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53439365%2fmemory-addresses%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

          Calculate evaluation metrics using cross_val_predict sklearn

          Insert data from modal to MySQL (multiple modal on website)